Nullify's AI Workforce Scores $12.5M to Automate Product Security

SAN FRANCISCO, CA – February 05, 2026 – Nullify, a startup positioning itself at the vanguard of cybersecurity automation, today announced the closure of a $12.5 million seed funding round. The investment, led by cybersecurity-focused venture firm SYN Ventures, is a significant endorsement of Nullify's audacious vision: to replace overburdened security teams with a fully autonomous "AI workforce."

The new financing, which includes participation from existing backer Black Nova Venture Capital, brings the company's total capital raised to $16.9 million. This infusion of cash is earmarked to scale the deployment of its AI-driven product security solution to mid-sized enterprises and high-growth software companies. As part of the deal, SYN Ventures Operating Partner Glenn Chisholm, a veteran in the security industry, will join Nullify's Board of Directors.

The Rise of the Autonomous AI Workforce

Nullify is making a bold claim that it has created the "world's first AI workforce for product security." This isn't just another AI-powered dashboard or alert-triaging tool. The company describes its product not as a platform, but as a team of autonomous AI employees that can be onboarded to take over the entire operational lifecycle of product security.

This AI workforce is designed to autonomously perform tasks that traditionally require a team of specialized human engineers. The process begins with ingesting a company's code, cloud configurations, and business context. From there, the AI agents work continuously to detect vulnerabilities, validate potential exploits, and score the real-world business impact of each finding.

What sets this approach apart from the crowded market of security tools is its final step: remediation. Nullify claims its AI can autonomously generate and ship merge-ready code fixes directly to the correct developers. This closed-loop system aims to eliminate the endless back-and-forth, manual triage, and cross-tool coordination that plague modern security programs. While many vendors in the application security testing (AST) space, such as Checkmarx and Veracode, have integrated AI to improve threat detection, their solutions typically function as assistants to human teams. Nullify's model represents a fundamental shift from AI-assisted security to AI-driven security autonomy.

"The security labor gap is the defining challenge for defenders today," said Glenn Chisholm in the official announcement. "Nullify’s first-of-its-kind AI workforce doesn’t just summarize alerts. It autonomously makes decisions and takes action, delivering outcomes that once required entire teams."

A Solution for a Twin Crisis

The timing of Nullify's emergence is no coincidence. The cybersecurity industry is grappling with two converging crises: a chronic and widening talent shortage and the escalating sophistication of AI-enabled attackers. Reports from organizations like (ISC)² consistently highlight a global deficit of millions of skilled cybersecurity professionals, leaving enterprises critically understaffed and vulnerable.

Simultaneously, the threat landscape has been supercharged by artificial intelligence. Attackers are leveraging AI to automate their own campaigns, discover new exploits, and launch attacks at a scale and speed that human-led defense teams cannot match. This new reality renders traditional security postures—reliant on manual penetration testing, periodic scans, and human analysis of overwhelming alert volumes—increasingly obsolete.

"For organizations facing significantly greater speed and sophistication of AI-enabled attackers, holding the line with legacy dashboards, scanners, and ticket routing is a losing game," stated Shan Kulkarni, CEO and co-founder of Nullify. The company's solution is positioned as a direct answer to this dilemma. By offering an AI workforce that can be deployed instantly, Nullify provides a way for companies to scale their security capabilities without needing to win the fierce competition for scarce human talent.

Venture Capital Bets Big on Autonomy

The $12.5 million investment from a specialized firm like SYN Ventures underscores a growing consensus among investors: automation, and specifically autonomy, is the future of effective cybersecurity. Venture capitalists are increasingly placing bets on companies that can solve core operational problems, and the labor shortage in security is one of the largest and most persistent.

Chisholm's appointment to the board and his statement highlight the investor thesis. The value is not merely in finding more vulnerabilities but in autonomously handling the entire process to deliver a concrete outcome: a fixed and secure product. This focus on tangible results, rather than just data and alerts, is a key driver for enterprise customers and, by extension, investors. The continued participation from early investor Black Nova Venture Capital further signals confidence in the company's trajectory and its unique market positioning.

The capital will be used to aggressively scale go-to-market operations, expand the engineering and research teams responsible for advancing the AI, and accelerate global growth. The primary targets are organizations most acutely feeling the pain of the talent shortage and the complexity of managing a sprawling, fragmented set of legacy security tools.

From Hype to Reality: Measuring the Impact

While the concept of an AI workforce can sound like science fiction, Nullify is backing its claims with concrete, if company-reported, metrics from its early customers. Across dozens of early adopters, the company reports that its AI employees have saved over 48,000 hours of manual security work.

More critically, the AI has reportedly auto-resolved over 450 vulnerabilities by delivering code fixes that were accepted and merged by development teams. Nullify also touts a nearly 90 percent average merge-ready rate for the pull requests its AI generates. This last metric is particularly significant, as it suggests the AI-generated fixes are not just functional but are of high enough quality to be accepted into production codebases with minimal human intervention.

These figures, while awaiting broader independent verification as the company matures, point to a solution for some of the most persistent pain points in security operations: alert fatigue and slow remediation cycles. By filtering out the noise, validating real threats, and providing ready-to-implement solutions, the AI workforce allows human security professionals and developers to focus their efforts on more strategic initiatives and complex, business-logic-driven threats that still require human ingenuity. With this new funding, Nullify is poised to bring its vision of an autonomous security future to a much wider market.